Cybersecurity: a school curriculum necessity

Students must learn early on how to protect themselves online

Do you think about cybersecurity training in your son or daughter’s K-12 school? If not, you should be.

Take it from this cybersecurity veteran, we are not preparing our kids to spot and defend against online attacks, nor are we educating them on the best protective measures either.

Schools do a decent job teaching children about some cybersecurity topics including:

— The harm of cyber bullying

— Why you should never sext (send nude photos by text)

— Understanding important privacy issues on Facebook and other social media platforms

But schools mostly fail to educate students on the fundamentals of 21st century online cybersecurity risks. Passwords, password management and password tools are rarely, if ever, discussed. Learning the fundamentals of a phishing or social engineering attack are woefully absent from our basic computer curriculum.

Why is it important to educate young students about these threats and to teach them necessary habits of online protection? Learning online protective habits early matters a great deal. From a cybersecurity perspective, the internet is the great equalizer for all nations, peoples and groups. It is cheaper and easier than ever before in the history of the world for an anonymous attacker to target anyone, any business, located anywhere in the world.

Whether you’re a cybersecurity expert like myself, youngster playing online games or parent checking their bank account, the risks we all face come in many shapes and sizes. For all its conveniences and efficiencies, the internet has no borders or boundaries. For criminals it has become a revival of the Wild West – a frontier where policing and the law are usually one or two steps behind emboldened and very smart hackers.

A recent Pew Center study on cybersecurity highlighted a troubling dichotomy among adults. The study found that while most Americans have directly experienced some form of data theft or fraud, many admit they “are failing to follow digital security best practices in their own personal lives, and a substantial majority expects that major cyberattacks will be a fact of life in the future.”

While teaching our children as early as possible is imperative, the good news is we’re not talking rocket science. The rules of cybersecurity are as easy to learn as it is to drive a car, and just as safe driving is tied to defensive driving, so too is the need to defensively operate our computers today.

Fortunately, schools and students are beginning to recognize this need. A series of investigative stories on the IT website fedscoop.com highlighted the challenges and opportunities of integrating cybersecurity literacy into school technology curriculums as early as possible. “Using technology is one of the three ‘Rs’ of the 21st century,” said Michael Kaiser, executive director of the National Cyber Security Alliance, referring to the traditional subjects of reading, writing and arithmetic. “If you don’t graduate from high school knowing how to use technology, it’s going to be a hindrance in the same way if you don’t know how to read.”

Making basic cybersecurity literacy a new ‘R’ in school curriculums will expose students to lessons that can last a lifetime and teach them critical steps to protect themselves. The time to create good cybersecurity habits is when children first begin operating a computer. Rather than trying to “unlearn” bad habits (as identified in the Pew study) we should build a strong foundation of cybersecurity literacy skills in our students as early as possible.

We can do a better job of preparing our students to enter the workforce with a strong set of cybersecurity literacy skills. We can begin with a focus on the topics mentioned earlier: passwords, their management and tools, as well as understanding social engineering and phishing attacks. Engaged and enlightened students with a modicum of cybersecurity literacy will make a huge difference in creating a workforce prepared to defend against the daily cyberattacks in our homes and businesses of today and tomorrow.

Craig Taylor is the chief security officer for Neoscope Technology Solutions in Portsmouth. He can be reached at CTaylor@neoscopeit.com

This article appears in the June 23 2017 issue of New Hampshire Business Review